MemoryDealers.com founder Roger Ver abuses admin access at Blockchain.info

[CharlieContent]

9_9

Well, you sure showed me! I can't compete with you on the Japanese style emoticon front. I had to look up what that one means. Damn, outsmarted again.

[Stephen Gornick]

I just wanted to mention that a skilled blockchain.info admin can perfectly steal your funds. He just needs to change the javascript sent to your browser in order to get your password.

That is true.  If you are running the Javascript verifier, it will alert you to this happening though:
 - https://blockchain.info/wallet/verifier

But few people run that -- a password-stealing change like you describe would probably go undetected if it were attempted (against a single targeted individual).

This is a good thought exercise here though.

What if this were a hosted Bitcoin EWallet, lets say, and something like this happened?  The hosted EWallet provider could simply adjust your balance to recover the 5 bitcoins that were accidentally sent to you.  They would have the technical ability to confiscate funds.  Now I don't know if this has ever happened but technically it is possible.

And if this were a bank where something like this happened (e.g., someone else's deposit went into your account) I guarantee you they'ld reverse the transaction immediately instead of just politely and firmly asking for a voluntary return of the funds.  A bank might even send its ex-military security officer to ensure the safe return of the funds after they've screwed up:
 - http://www.ft.com/intl/cms/s/2/93a47a62-daf0-11e1-8074-00144feab49a.html

That this incident occurred in the first palce reminds me of Stanislav's admonition:

The real laugh is that there is no solid reason to believe that the world’s national banks have seen it fit to sweat so much as one drop to vanquish Bitcoin through discreditation.  Bitcoin users themselves have been doing a thorough job of this.

- http://www.loper-os.org/?p=939

[mc_lovin]

There are a million ecommerce stores on the internet who get scammed on a regular basis and have the same kinds of problems getting any kind of authority involved - even when the scammer might only be 10 miles away.  They aren't posting customer info publicly everywhere...

Maybe they should? They probably don't, because they have no way of linking a customer to the scam, since it's easy to steal credit cards, but that turned out to be easier in this case. Also, there's a store nearby with  a large section of the wall labeled Wall of Shame. It has photos of people the store caught shoplifting, whom the store banned, up there for everyone to see in public.

Shoplifter? Scammer? I hope next time I'm at walmart and they accidently give me too much change they don't put my picture up on the wall of shame.

And if you were asked for it back and you didn't give it?

ab8989 says it best.. but I do agree that due to the nature of bitcoin, it is relatively easy to prove a user received extra funds.  however, it was a day later that the extra 4.5119 BTC was sent to him.  see the blockchain:  http://blockchain.info/address/1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

if walmart calls me up on a phone number I didn't give to them with the intention of them ever calling me and says that at the time of the sale I did receive the correct change, but the next day someone else gave me money randomly and it "should be" in my wallet and it pertained to the previous transaction...  yeah, I would probably hang up too.

.. continued to discuss this with Roger, as opposed to ignoring and hanging up on him, the whole thing would have likely been resolved in private..

Did nethead give Roger his phone number or something?  Or did Roger get it from his blockchain.info account via the sketchy admin console?  He could have put his phone number on the invoice for the video card, totally a reality as well. 

I think if regulations changed and the way things are done at blockchain.info are now different (user info encryption) then that is one benefit of this fiasco. 

There are a million ecommerce stores on the internet who get scammed on a regular basis and have the same kinds of problems getting any kind of authority involved - even when the scammer might only be 10 miles away.  They aren't posting customer info publicly everywhere...

Maybe they should? They probably don't, because they have no way of linking a customer to the scam, since it's easy to steal credit cards, but that turned out to be easier in this case. Also, there's a store nearby with  a large section of the wall labeled Wall of Shame. It has photos of people the store caught shoplifting, whom the store banned, up there for everyone to see in public.

Shoplifter? Scammer? I hope next time I'm at walmart and they accidently give me too much change they don't put my picture up on the wall of shame.

And if you were asked for it back and you didn't give it?

Man that Wall of Shame thing is harsh. If someone is stealing food from a shop I feel sorry for them and I hope they get back on their feet. Thankfully something like that would be illegal here. So, of course, is shoplifting, so there's really no need for public shaming.

As many others have said, keeping the change isn't scamming. It's dishonesty. It's morally wrong. It's taking advantage of another person's honest mistake, but it's not a SCAM. A scam is a deliberate attempt to gain money from someone by deception. That is not what happened here.

All this "This guy is a THIEF and a SCAMMER and he should be vilified and Roger Ver is a poor innocent victim and should be deified" stuff is totally off the mark and at complete odds with how things actually went down.

Roger Ver made a mistake. Sometimes you need to pay for your mistakes. Sadly you can't always count on people being honest enough to help you correct your mistakes when the mistake benefits them directly. That's life. Ver has all the tools he needs to ensure it never happens again. He doesn't have to worry about being scammed or robbed again, because no one scammed or robbed him. All he has to do is make sure he (or his employee) doesn't give people the wrong amount of Bitcoins when he makes a transaction.

Roger Ver should have just asked this guy for the money back. If the guy didn't feel like being honest, too bad. Write off the loss, move on. Take it as a $50 reminder to be more careful in future. That's what any sane human being would do.

My thoughts EXACTLY.

From the dictionary:

scam
[skam]  Show IPA noun, verb, scammed, scam·ming.
noun
1.
a confidence game or other fraudulent scheme, especially for making a quick profit; swindle.
verb (used with object)
2.
to cheat or defraud with a scam.
Origin:
1960–65;  orig. carnival argot;  of obscure origin

Related forms
scam·mer, noun.

[John (John K.)]

^. Roger got his phone number, name and address from the order details at bitcoinstore.

[mc_lovin]

^. Roger got his phone number, name and address from the order details at bitcoinstore.

Ah.  Yeah I figured that was a reality halfway though writing that so I included it as a theory.  Makes sense.  But even cross-referencing that info with the wallet info as verification seems non-ToS'y to me.

[John (John K.)]

^. Roger got his phone number, name and address from the order details at bitcoinstore.

Ah.  Yeah I figured that was a reality halfway though writing that so I included it as a theory.  Makes sense.  But even cross-referencing that info with the wallet info as verification seems non-ToS'y to me.

Yes. Everything was perfectly fine until Roger accessed the blockchain.info database. However, it's still a grey area as Roger didn't publish or share the details from blockchain.info with a third party though.

[DannyHamilton]

^. Roger got his phone number, name and address from the order details at bitcoinstore.

Ah.  Yeah I figured that was a reality halfway though writing that so I included it as a theory.  Makes sense.  But even cross-referencing that info with the wallet info as verification seems non-ToS'y to me.

. . . Roger didn't publish or share the details from blockchain.info with a third party though.

Yes, he did.  BitcoinStore.com IS a third party in this action.

People seem to keep getting confused because Roger at blockchain.info and Roger at BitcoinStore.com are the same person, but those are two different companies, and it was imperative on Roger to keep his duties at those two companies separate.  The trick to realizing what was "Wrong" about what Roger did, is to substitute some other person in for his blockchain.info duties and see if the same "communication" would be considered wrong.

Lets say I run a business called BitcoinStore.com.  Lets say I suspect one of my customers of wrongdoing, but don't have enough information to prove it for certain.  If I call up Piuk at blockchain.info and ask him to confirm for me the bitcoin addreses of one of his customers so I can determine if I'm being defrauded, and blockchain.info has a privacy policy that states explicitly that they do not share any personal information with third parties except as required by law, what should Piuk's response to me be?  Has he acted in a fraudulent manner if he shares the customer information with me?  Is it a grey area?

[John (John K.)]

^. Roger got his phone number, name and address from the order details at bitcoinstore.

Ah.  Yeah I figured that was a reality halfway though writing that so I included it as a theory.  Makes sense.  But even cross-referencing that info with the wallet info as verification seems non-ToS'y to me.

. . . Roger didn't publish or share the details from blockchain.info with a third party though.

Yes, he did.  BitcoinStore.com IS a third party in this action.

People seem to keep getting confused because Roger at blockchain.info and Roger at BitcoinStore.com are the same person, but those are two different companies, and it was imperative on Roger to keep his duties at those two companies separate.  The trick to realizing what was "Wrong" about what Roger did, is to substitute some other person in for his blockchain.info duties and see if the same "communication" would be considered wrong.

Lets say I run a business called BitcoinStore.com.  Lets say I suspect one of my customers of wrongdoing, but don't have enough information to prove it for certain.  If I call up Piuk at blockchain.info and ask him to confirm for me the bitcoin addreses of one of his customers so I can determine if I'm being defrauded, and blockchain.info has a privacy policy that states explicitly that they do not share any personal information with third parties except as required by law, what should Piuk's response to me be?  Has he acted in a fraudulent manner if he shares the customer information with me?  Is it a grey area?

Took a look at http://blockchain.info/privacy , and I stand corrected. The crux of the issue here is the usage of Blockchain.info database to prove nethead/bitbitman's control over the address, and this is wrong as per the TOS. Oh well, Roger should have had pursued this matter via information from BitcoinStore and not used blockchain.info's info. Dishonest people taking advantage of a honest mistake of others is still bad no matter what.

[DannyHamilton]

Took a look at http://blockchain.info/privacy , and I stand corrected. The crux of the issue here is the usage of Blockchain.info database to prove nethead/bitbitman's control over the address, and this is wrong as per the TOS. Oh well, Roger should have had pursued this matter via information from BitcoinStore and not used blockchain.info's info. Dishonest people taking advantage of a honest mistake of others is still bad no matter what.

Agreed, in no way does Roger's violation of blockchain.info's privacy policy make NetHead's decision to keep BTC that were accidentally sent to him any less wrong.  NetHead asked for BitcoinStore to falsify customs information, then he kept money that was accidentally sent to him, and then he lied about having received the money.  In all of those instances he was certainly wrong.

However, the fact that NetHead acted in a fraudulent manner does not have any bearing on whether Roger's actions at blockchain.info were wrong.

Privacy policies matter, otherwise why bother having one?  Violation of a privacy policy is a severe action when it comes to determining the trustworthiness of a business.  blockchain.info recognized the seriousness of the issue and addressed it quickly and appropriately, but we can't just excuse Roger's behavior by saying that since BitcoinStore was being defrauded, it is ok for blockchain.info to violate their privacy policy.

[Rob E]

It is sad to see BlockChain.info - a superb service - dragged, without merit, into such an display of complete and utter incompetence on the part of the owner of Memory Dealers, Roger Ver. This https://bitcointalk.org/index.php?topic=131574.0 behavior; publicly displaying the details of a private individual and labeling them a criminal would at best seem morally dubious and at worst defamatory.

I completely agree. I think the best thing for Blockchain.info would be to force Roger Ver out.

Piuk if you wish to do that, and you need capital with which to accomplish it, feel free to PM me in confidence and we will see what we can do.

We?  Who the fuck is We? You? lol.

"We will see what we can do" as in Piuk and I together, idiot.

Owhh.. For a moment i thought you gonna roll out a posse or somthn. lol.You bein the sherif and all..
lol.

Now listen here ya'll we just cant have this vero guy exposing all these scammers i say we run 'm out of town WHOS WITH ME! lol.

[Raoul Duke]

This thread is full of spineless morons who would just sit tight while some greek dude rips them off instead of leveraging all the means they can to fuck with the scammer.
Almost gives me a desire to scam you all, just to see your reaction.

[John (John K.)]

This thread is full of spineless morons who would just sit tight while some greek dude rips them off instead of leveraging all the means they can to fuck with the scammer.
Almost gives me a desire to scam you all, just to see your reaction.

Well, I do agree that we need more exacting standards to weed out scum like what BCB does in his scam investigation. If BitcoinStore were an individual, and that individual doxed everything out from the scammer, no one would have had anything to say.
Life's full of paradoxes. If we all applied such principles while doing business, scammers would be extinct by now. It's doing nothing that causes the proliferation of dishonest activities.

[DannyHamilton]

This thread is full of spineless morons who would just sit tight while some greek dude rips them off instead of leveraging all the means they can to fuck with the scammer . . .

And a few people who feel that privacy policies matter.

I've got no problem with BitcoinStore using all the resources that are legitimately available to them to track down and leverage the customer who asked for fraudulent legal documentation and then kept money that wasn't his.

I have a big problem with an "employee" of blockchain.info violating their privacy policy to release their own customer's personal information to a third party when that customer has not in any way defrauded blockchain.info and their privacy policy explicitly states that personal information will not be released to third parties except as required by law.

[DannyHamilton]

This thread is full of spineless morons who would just sit tight while some greek dude rips them off instead of leveraging all the means they can to fuck with the scammer.
Almost gives me a desire to scam you all, just to see your reaction.

Well, I do agree that we need more exacting standards to weed out scum like what BCB does in his scam investigation. If BitcoinStore were an individual, and that individual doxed everything out from the scammer, no one would have had anything to say . . .

And if blockchain.info's privacy policy stated that they release personal information to third parties to assist in investigation of claims of fraud, then no one would have had anything to say either.

The issue isn't that companies shouldn't be allowed to share personal information to assist in fraud investigations.  The issue is that companies need to decide how they will use personal information, and then state that use in a privacy statement so potential customers can make educated decisions about the companies they want to do business with.  Violation of that privacy statement is then a serious breach of trust.

[Raoul Duke]

This is the Internet, there is no 3rd-party provided privacy and whoever thinks there is sure is mistaken and living in a dreamworld
In the Internet, privacy is a DIY thing, almost like in real life, you know...
If you don't want your neighbours to see your johnson you don't go around the house naked with the windows open, do you?

[Rob E]

I wonder how many whiners wouldn't have done the exact same thing if it happened to themselves.. this thread would be fkn dead. Its alright to bitch and whine about it, then it happens to them and suddenly the shoe is on the other foot! Right charlie? EH? ..El 0hl..

[DannyHamilton]

This is the Internet, there is no 3rd-party provided privacy and whoever thinks there is sure is mistaken and living in a dreamworld
In the Internet, privacy is a DIY thing, almost like in real life, you know...
If you don't want your neighbours to see your johnson you don't go around the house naked with the windows open, do you?

I agree.  You use the privacy policies of a business to determine your risk, and if a company violates that policy, you make sure you hold then accountable.  Businesses that value their reputation will honor their privacy policies.  Those that don't will lose customers and eventually go out of business.  This is how customers of internet-based businesses can DIY.  If a company doesn't want to respect the privacy of their customers, they can either not have a privacy policy, or explicitly state in their privacy policy that they will use customer information in any way they see fit.

But a company that lies in their privacy policy should be held to the same standard as an individual who lies in a business transaction.  In either case being outed as a "scammer" or at least as engaging in fraudulent actions is appropriate.

[DannyHamilton]

I wonder how many whiners wouldn't have done the exact same thing if it happened to themselves.. this thread would be fkn dead. Its alright to bitch and whine about it, then it happens to them and suddenly the shoe is on the other foot! Right charlie? EH? ..l0l..

I agree. blockchain.info should never have given Roger admin access to their database. There was a clear conflict of interest and as you so elegantly point out the temptation to violate the terms of service is to high.  Fortunately they have rectified the situation.

[Rob E]

I wonder how many whiners wouldn't have done the exact same thing if it happened to themselves.. this thread would be fkn dead. Its alright to bitch and whine about it, then it happens to them and suddenly the shoe is on the other foot! Right charlie? EH? ..l0l..

I agree. blockchain.info should never have given Roger admin access to their database. There was a clear conflict of interest and as you so elegantly point out the temptation to violate the terms of service is to high.  Fortunately they have rectified the situation.

I dont know i think the openess and transparency is totally needed to disolve the problem of scammers. And i think in this situation roger v had every right  to get that information any body in the same situation has in my oponion protecting criminal likenened people is a project that wil collapse on itself. How can bitcoin succeed when scammers and criminals are protected by anonimity.

And this is why guys like charlie C start crying like big fat babies when the anonimity of scammers  become exposed its not so much as a breach of contract more but more on the likes they didnt agee with a scammer being caught and exposed thats when they start to yell, and we cant have a continuety of the same thing happening,  when theres a threat like that they start crying like babies "wwhhhhaaaaaaa whhHHWAAAaa"

Who's allowed to acces block chain then any way.

[Rob E]

*